[990] in athena10
Re: nss: hesiod -> ldap for groups?
daemon@ATHENA.MIT.EDU (Geoffrey Thomas)
Mon Jan 26 16:34:44 2009
Date: Mon, 26 Jan 2009 16:33:47 -0500 (EST)
From: Geoffrey Thomas <geofft@MIT.EDU>
To: Jonathan Reed <jdreed@mit.edu>
cc: Evan Broder <broder@mit.edu>, athena10@mit.edu
In-Reply-To: <4F554A86-721E-4A8C-8EDE-ADB9F0B14AC4@mit.edu>
Message-ID: <alpine.DEB.2.00.0901261623420.5605@vinegar-pot.mit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

> Based on several hallway conversations, I will make the assertion that NFS
> groups should be considered legacy in the Athena 10 world, and that we should
> move forward with getting group information from somewhere like AD.

Hm, I'm not familiar with MIT's AD setup. Is the LDAP server win.mit.edu,
or something else? I'm not sure how to bind to it to query and poke at it;
there's no ldap/win.mit.edu keytab, and it seems not to accept simple
authentication (-x).

I completely agree with the concept of deprecating "NFS groups", i.e.,
Hesiod groups. I'm curious if we can do the same thing for other Hesiod
dependencies, since LDAP as a technology is in general better supported by
the Real World than Hesiod. It appears that autofs (which we no longer
use, but...) even supports automount maps in LDAP as well as in Hesiod.

--
Geoffrey Thomas
geofft@mit.edu